blog

wodzen@websmite:~$ dissecting vulnerabilities in the code that powers the internet

⟩

● live feed: 7 results

/

[Feb 25, 2026]

CVE-2026-25891: Double Encoding in Go Fiber

I published CVE-2026-25891, a path traversal in the Go Fiber web framework.

--cve--advisory--writeup
[Feb 17, 2026]

CVE-2026-25893: FUXA Heartbeat Refresh RCE

I published CVE-2026-25893, an unauthenticated RCE in FUXA.

--cve--advisory--writeup
[Feb 10, 2026]

CVE-2025-67229: Driving Electron On-Path

I published CVE-2025-67229, a TLS verification issue in ToDesktop, affecting hundreds of applications.

--cve--advisory--writeup
[Feb 03, 2026]

CVE-2026-25149: Protocol-relative Open Redirects

I published CVE-2026-25149, a protocol-relative open redirect in Qwik City.

--cve--advisory--writeup
[Jan 15, 2026]

CVE-2026-22814: Driving ORMs Through State Injection

I published CVE-2026-22814, an ORM state injection vulnerability in Lucid.

--cve--advisory--writeup
[Jan 11, 2026]

CVE-2026-21440: Multipart Path Traversal

I published CVE-2026-21440, an arbitrary file write in AdonisJS.

--cve--advisory--writeup
[Jan 10, 2026]

Hello World

What this blog is about.

--intro